Deploying the ingress controller for Kubernetes


The ingress controller is a load balancer for Kubernetes environments. 


To deploy the ingress controller for Rancher-based Kubernetes

  1. If you have the ingress-nginx namespace, delete it by running the following commands:

    kubectl delete ds -n ingress-nginx nginx-ingress-controller
    kubectl -n ingress-nginx delete svc ingress-nginx-controller-admission
    kubectl delete clusterrole ingress-nginx
    kubectl delete ClusterRoleBinding ingress-nginx
    kubectl delete IngressClass nginx
    kubectl delete ValidatingWebhookConfiguration ingress-nginx-admission
    kubectl delete ns ingress-nginx
  2. Download the psp.yaml file from GitHub by using the following command:

    wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/psp/psp.yaml
  3. If you have the restricted-psp property enabled by default, apply the psp.yaml file by using the following command:

    kubectl apply -f psp.yaml
  4. Get the deploy.yaml file from GitHub by using the following command:

    wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml
  5. In the deploy.yaml file, change the value for the kind parameter for the ingress-nginx-controller from Deployment to DaemonSet.
    Note that the namespace for the ingress controller is ingress-nginx.
  6. Apply the deploy.yaml file by using the following command:

    kubectl apply -f deploy.yaml
  7. Create a secret with the certificate and key to be mounted on the ingress controller pods by using the following command:

    kubectl create secret tls my-tls-secret --cert=/path/to/cert.pem --key=/path/to/privkey.pem -n ingress-nginx

    Important

    Ensure that the cert.pem file has the full chain in it.

  8. Edit the daemonset as described below:
    1. In the args section, add the secret that you created as the value of the --default-ssl-certificate argument.
    2. Set the ingress-class parameter according to your requirement.

      kubectl edit daemonset ingress-nginx-controller -n ingress-nginx
      ...
         spec:
            containers:
            - args:
              - /nginx-ingress-controller
              - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
              - --election-id=ingress-controller-leader
              - --controller-class=k8s.io/ingress-nginx
              - --ingress-class=nginx
              - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
              - --validating-webhook=:8443
              - --validating-webhook-certificate=/usr/local/certificates/cert
              - --validating-webhook-key=/usr/local/certificates/key
              - --default-ssl-certificate=ingress-nginx/my-tls-secret
      ...

  9. Configure the ingress controller.

    1. Identify the configmap name by running the following command:

      kubectl get all -n <ingress_nginx_namespace>
    2. Edit the configmap, replacing the configmap name with the one in your environment, and set the data values shown after the command:

      kubectl edit cm <ingress_nginx_configmap> -n <ingress_nginx_namespace>

      data:
        enable-underscores-in-headers: "true"
        proxy-body-size: 250m
        server-name-hash-bucket-size: "1024"
        ssl-redirect: "false"
        use-forwarded-headers: "true"
  10. Verify that the pods are running on each worker node.
  11. Update the ingress-nginx-controller service and add the load balancer IP as an external IP by using the following command:

    kubectl patch service/ingress-nginx-controller -n ingress-nginx -p '{"spec":{"externalIPs":["xxx.xx.xx.xxx"]}}'
  12. Update the load balancer settings to point to the correct ports of ingress-nginx-controller service. Check the ingress-nginx-controller service ports by using the following command:

    kubectl -n ingress-nginx get svc

    Example output:

    $ kubectl -n ingress-nginx get svc
    NAME                                 TYPE           CLUSTER-IP     EXTERNAL-IP       PORT(S)                      AGE
    ingress-nginx-controller             LoadBalancer   10.43.43.12    XXX.XXX.XXX.XXX   80:31764/TCP,443:31864/TCP   24h
    ingress-nginx-controller-admission   ClusterIP      10.43.46.181   <none>            443/TCP                      24h
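
Step 5 is a hand edit of a multi-document manifest in which the controller Service and the controller Deployment share the name ingress-nginx-controller. The following shell function is an added example, not part of the original procedure or of the ingress-nginx project: it changes the kind only in the Deployment document and fails unless exactly one document was converted. The names to_daemonset, sample_manifest and deploy-ds.yaml, and the cut-down sample manifest, are assumptions made for illustration.

```shell
#!/bin/sh
# to_daemonset FILE: print FILE with the kind of the controller Deployment
# changed to DaemonSet. Exit status is 0 only if exactly one document changed.
to_daemonset() {
    awk '
        function emit_doc(   i, hit) {
            # Convert only the document that is a Deployment AND is named
            # ingress-nginx-controller; the Service has the same name.
            hit = (is_deploy && is_ctrl)
            for (i = 1; i <= n; i++) {
                if (hit && buf[i] == "kind: Deployment") buf[i] = "kind: DaemonSet"
                print buf[i]
            }
            if (hit) changed++
            n = 0; is_deploy = 0; is_ctrl = 0
        }
        /^---[ \t]*$/ { emit_doc(); print; next }   # document separator
        { buf[++n] = $0 }                           # buffer the current document
        $0 == "kind: Deployment" { is_deploy = 1 }  # top-level kind only
        /^  name: ingress-nginx-controller[ \t]*$/ { is_ctrl = 1 }
        END { emit_doc(); exit (changed == 1 ? 0 : 1) }
    ' "$1"
}

# Constructed sample: a cut-down stand-in for deploy.yaml, not the real file.
sample_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  minReadySeconds: 0
---
apiVersion: batch/v1
kind: Job
metadata:
  name: ingress-nginx-admission-create
EOF
}

# On the real file (deploy-ds.yaml is a name chosen here):
#   to_daemonset deploy.yaml > deploy-ds.yaml && kubectl apply -f deploy-ds.yaml
```

Because the function exits non-zero when it finds zero or several matching documents, chaining it with && keeps kubectl apply from running on a manifest that was not converted as expected.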
